segfault in nl_object_clone
Thomas Graf
tgraf at suug.ch
Tue Oct 22 08:21:17 EDT 2013
On 10/14/13 at 05:50pm, Teto wrote:
> Hi,
>
> I just had a segfault while calling the class Object(object)
> constructor from python binding at the level of
> capi.nl_object_clone(self._nl_object):
>     def __init__(self, obj_name, name, obj=None):
>         self._obj_name = obj_name
>         self._name = name
>         self._modules = []
>
>         if not obj:
>             obj = capi.object_alloc_name(self._obj_name)
>         if not obj:
>             raise ValueError( "[" + self._obj_name + "] does not look like a valid name" )
>
>
>         clone_obj = capi.nl_object_clone(self._nl_object)
>         self._orig = self._obj2type(clone_obj)
>
> Looks like calling nl_object_clone on an empty nl_object crashes
> because there is no check in nl_object_clone to detect a NULL
> parameter, which case happens when you provide a bad name in
> capi.object_alloc_name(self._obj_name). I suggest to add a check after
> object allocation in this way:
>         if not obj:
>             obj = capi.object_alloc_name(self._obj_name)
>         if not obj:
>             raise ValueError( "[" + self._obj_name + "] does not look like a valid name" )
>
> This happened to me while trying to initialize flnl_request but it
> seems its operations are not registered into the cache manager. Any
> idea why?
I pushed the following fix to avoid the segfault. Feel free to submit
a patch to the python code catching the NULL return.
commit d976e2e62bdaca2530f87e97730d03f93f662226
Author: Thomas Graf <tgraf at suug.ch>
Date:   Tue Oct 22 14:16:43 2013 +0200

    obj: Check for NULL pointer in nl_object_clone()

    Signed-off-by: Thomas Graf <tgraf at suug.ch>

diff --git a/lib/object.c b/lib/object.c
index 9293df9..c3751a6 100644
--- a/lib/object.c
+++ b/lib/object.c
@@ -114,6 +114,9 @@ struct nl_object *nl_object_clone(struct nl_object
*obj)
int doff = offsetof(struct nl_derived_object, data);
int size;
+ if (!obj)
+ return NULL;
+
new = nl_object_alloc(ops);
if (!new)
return NULL;
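
Review bot: the new `if (!obj)` guard comes after the declaration block, yet `ops` is passed to `nl_object_alloc(ops)` in the very next statement with no assignment in between, so `ops` has to be initialised in a declaration above the visible context. If that initialiser derives the ops from `obj`, the pointer is dereferenced before this check runs and a NULL argument still crashes; declare `ops` without an initialiser and assign it after the `return NULL;`. It would also help to state in the function's documentation that NULL is returned for a NULL argument as well as when `nl_object_alloc()` fails, so callers such as the Python binding know to check the result.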